Last year, Notepad++, a popular text and source code editor, was targeted by hackers. The attackers compromised the update mechanism, redirecting users to malicious servers. This resulted in users downloading compromised executables, potentially infecting their devices. Now, the creator, Don Ho, revealed that the group behind the attack is likely Chinese state-sponsored.

The attackers began redirecting traffic in June 2025, continuing until December 2nd. The method involved compromising the hosting provider. The exact technical details are still under investigation. Notepad++ has since released a security patch and migrated to a new hosting provider with enhanced security measures. Users who want to install the app should manually download version 8.9.1.

This incident highlights the ongoing threat of supply chain attacks, where attackers target software updates to distribute malware. The selective targeting suggests the attackers had specific goals, though the specifics remain unclear. Cybersecurity experts are likely analyzing the compromised files to determine the full scope of the attack and its impact.

Moving forward, users should always verify the source of software downloads and keep their applications updated. Developers must prioritize the security of their update mechanisms to prevent similar incidents. The industry will be watching to see what other details emerge about the attack and its implications for cybersecurity.